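/*
 * Copyright (c) 2018 Yubico AB. All rights reserved.
 * Use of this source code is governed by a BSD-style
 * license that can be found in the LICENSE file.
 */

/*
 * Type definitions shared by the libfido2 public API and its internals.
 *
 * Everything outside the _FIDO_INTERNAL section is public. The struct
 * layouts inside that section are only visible when the library itself is
 * being built; every other includer gets the incomplete-type typedefs at the
 * bottom of the file, so external code cannot depend on (or corrupt) field
 * layout and the ABI can evolve without breaking callers.
 */

#ifndef _FIDO_TYPES_H
#define _FIDO_TYPES_H

#ifdef __MINGW32__
#include <sys/types.h>
#endif

#include <signal.h>
#include <stdbool.h>	/* bool: used by fido_opt_array and fido_dev below */
#include <stddef.h>
#include <stdint.h>

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

struct fido_dev;

/*
 * Raw device I/O callbacks. A caller may supply its own set (see
 * fido_dev_io_t) to drive an authenticator over a transport the library
 * does not implement itself. The trailing int of read() is presumably a
 * timeout, matching fido_dev.timeout_ms below -- confirm against the
 * transport implementation before relying on it.
 */
typedef void *fido_dev_io_open_t(const char *);
typedef void fido_dev_io_close_t(void *);
typedef int fido_dev_io_read_t(void *, unsigned char *, size_t, int);
typedef int fido_dev_io_write_t(void *, const unsigned char *, size_t);

/*
 * Framed transport callbacks layered on top of the raw I/O above. The
 * uint8_t is presumably the CTAPHID command byte and the trailing int of
 * rx() a timeout -- confirm against the transport implementation.
 */
typedef int fido_dev_rx_t(struct fido_dev *, uint8_t, unsigned char *, size_t, int);
typedef int fido_dev_tx_t(struct fido_dev *, uint8_t, const unsigned char *, size_t);

/* Set of raw I/O callbacks; all four are expected to be supplied together. */
typedef struct fido_dev_io {
	fido_dev_io_open_t  *open;
	fido_dev_io_close_t *close;
	fido_dev_io_read_t  *read;
	fido_dev_io_write_t *write;
} fido_dev_io_t;

/* Set of framed transport callbacks. */
typedef struct fido_dev_transport {
	fido_dev_rx_t *rx;
	fido_dev_tx_t *tx;
} fido_dev_transport_t;

/*
 * Tri-state option. FIDO_OPT_OMIT is deliberately 0 so that a
 * zero-initialised request leaves every option at the authenticator's
 * default rather than silently forcing it false.
 */
typedef enum {
	FIDO_OPT_OMIT = 0, /* use authenticator's default */
	FIDO_OPT_FALSE,    /* explicitly set option to false */
	FIDO_OPT_TRUE,     /* explicitly set option to true */
} fido_opt_t;

/* Callback receiving one NUL-terminated log line. */
typedef void fido_log_handler_t(const char *);

/* Windows has no sigset_t; a plain int stands in for it there. */
#ifdef _WIN32
typedef int fido_sigset_t;
#else
typedef sigset_t fido_sigset_t;
#endif

#ifdef _FIDO_INTERNAL
#include "packed.h"
#include "blob.h"

/* COSE ES256 (ECDSA over P-256 with SHA-256) public key: affine X and Y. */
typedef struct es256_pk {
	unsigned char x[32];
	unsigned char y[32];
} es256_pk_t;

/*
 * COSE ES256 (ECDSA over P-256 with SHA-256) (secret) key.
 * NOTE(review): this holds raw private-key material; whatever releases an
 * es256_sk_t should wipe it (explicit_bzero or equivalent) before freeing,
 * since a plain memset before free may be optimised away -- confirm in the
 * es256 free routine.
 */
typedef struct es256_sk {
	unsigned char d[32];
} es256_sk_t;

/*
 * COSE RS256 (2048-bit RSA with PKCS1 padding and SHA-256) public key.
 * The modulus is fixed at 256 bytes (2048 bits) and the public exponent at
 * 3 bytes, so exponents above 2^24 - 1 cannot be represented here.
 */
typedef struct rs256_pk {
	unsigned char n[256];
	unsigned char e[3];
} rs256_pk_t;

/* COSE EDDSA (ED25519) public key: the 32-byte compressed point. */
typedef struct eddsa_pk {
	unsigned char x[32];
} eddsa_pk_t;

/*
 * Fixed 37-byte prefix (32 + 1 + 4) of the authenticator data returned by
 * an authenticator. Real authenticator data is longer: depending on the
 * flags, attested credential data and/or extensions follow this prefix,
 * which is why the struct is packed and marked "actually longer". Any
 * parser must check the remaining length before reading past it.
 * NOTE(review): sigcount is copied as received; if the wire encoding is
 * big-endian the decoder must byte-swap on little-endian hosts -- confirm
 * in the authdata decoder.
 */
PACKED_TYPE(fido_authdata_t,
struct fido_authdata {
	unsigned char rp_id_hash[32]; /* sha256 of fido_rp.id */
	uint8_t       flags;          /* user present/verified */
	uint32_t      sigcount;       /* signature counter */
	/* actually longer */
})

/*
 * Wire layout of attested credential data. id_len comes straight from the
 * authenticator and body[] carries no bound of its own, so the parser must
 * validate id_len against the bytes actually available before reading the
 * credential id or the public key that follows it.
 */
PACKED_TYPE(fido_attcred_raw_t,
struct fido_attcred_raw {
	unsigned char aaguid[16]; /* credential's aaguid */
	uint16_t      id_len;     /* credential id length */
	uint8_t       body[];     /* credential id + pubkey */
})

/*
 * Decoded attested credential data. Exactly one union member is valid,
 * selected by type (a COSE algorithm identifier).
 */
typedef struct fido_attcred {
	unsigned char aaguid[16]; /* credential's aaguid */
	fido_blob_t   id;         /* credential id */
	int           type;       /* credential's cose algorithm */
	union {                   /* credential's public key */
		es256_pk_t es256;
		rs256_pk_t rs256;
		eddsa_pk_t eddsa;
	} pubkey;
} fido_attcred_t;

/*
 * Attestation statement. certinfo and pubarea are only populated for TPM
 * attestation; x5c and sig are what a verifier needs to check the
 * attestation chain and signature.
 */
typedef struct fido_attstmt {
	fido_blob_t certinfo; /* tpm attestation TPMS_ATTEST structure */
	fido_blob_t pubarea;  /* tpm attestation TPMT_PUBLIC structure */
	fido_blob_t cbor;     /* cbor-encoded attestation statement */
	fido_blob_t x5c;      /* attestation certificate */
	fido_blob_t sig;      /* attestation signature */
	int         alg;      /* attestation algorithm (cose) */
} fido_attstmt_t;

/* Relying party; id is what gets hashed into fido_authdata.rp_id_hash. */
typedef struct fido_rp {
	char *id;   /* relying party id */
	char *name; /* relying party name */
} fido_rp_t;

/* User entity; optional members may be NULL. */
typedef struct fido_user {
	fido_blob_t id;           /* required */
	char       *icon;         /* optional */
	char       *name;         /* optional */
	char       *display_name; /* required */
} fido_user_t;

/* Extensions requested for (or decoded from) a credential. */
typedef struct fido_cred_ext {
	int    mask;      /* enabled extensions */
	int    prot;      /* protection policy */
	size_t minpinlen; /* minimum pin length */
} fido_cred_ext_t;

/*
 * Credential creation request and its result. Members up to and including
 * type are caller-supplied inputs; from fmt onwards they hold what the
 * authenticator returned, in both raw (cbor) and decoded form.
 */
typedef struct fido_cred {
	fido_blob_t       cd;            /* client data */
	fido_blob_t       cdh;           /* client data hash */
	fido_rp_t         rp;            /* relying party */
	fido_user_t       user;          /* user entity */
	fido_blob_array_t excl;          /* list of credential ids to exclude */
	fido_opt_t        rk;            /* resident key */
	fido_opt_t        uv;            /* user verification */
	fido_cred_ext_t   ext;           /* extensions */
	int               type;          /* cose algorithm */
	char             *fmt;           /* credential format */
	fido_cred_ext_t   authdata_ext;  /* decoded extensions */
	fido_blob_t       authdata_cbor; /* cbor-encoded payload */
	fido_blob_t       authdata_raw;  /* cbor-decoded payload */
	fido_authdata_t   authdata;      /* decoded authdata payload */
	fido_attcred_t    attcred;       /* returned credential (key + id) */
	fido_attstmt_t    attstmt;       /* attestation statement (x509 + sig) */
	fido_blob_t       largeblob_key; /* decoded large blob key */
	fido_blob_t       blob;          /* CTAP 2.1 credBlob */
} fido_cred_t;

/* Extension outputs decoded from a single assertion. */
typedef struct fido_assert_extattr {
	int         mask;            /* decoded extensions */
	fido_blob_t hmac_secret_enc; /* hmac secret, encrypted */
	fido_blob_t blob;            /* decoded CTAP 2.1 credBlob */
} fido_assert_extattr_t;

/* One assertion as returned by the authenticator. */
typedef struct _fido_assert_stmt {
	fido_blob_t           id;            /* credential id */
	fido_user_t           user;          /* user attributes */
	fido_blob_t           hmac_secret;   /* hmac secret */
	fido_assert_extattr_t authdata_ext;  /* decoded extensions */
	fido_blob_t           authdata_cbor; /* raw cbor payload */
	fido_authdata_t       authdata;      /* decoded authdata payload */
	fido_blob_t           sig;           /* signature of cdh + authdata */
	fido_blob_t           largeblob_key; /* decoded large blob key */
} fido_assert_stmt;

/* Extensions requested for an assertion. */
typedef struct fido_assert_ext {
	int         mask;      /* enabled extensions */
	fido_blob_t hmac_salt; /* optional hmac-secret salt */
} fido_assert_ext_t;

/*
 * Assertion request and its results. stmt is an array of stmt_cnt
 * allocated entries of which stmt_len have been filled in; code that
 * appends assertions must never let stmt_len exceed stmt_cnt.
 */
typedef struct fido_assert {
	char             *rp_id;      /* relying party id */
	fido_blob_t       cd;         /* client data */
	fido_blob_t       cdh;        /* client data hash */
	fido_blob_array_t allow_list; /* list of allowed credentials */
	fido_opt_t        up;         /* user presence */
	fido_opt_t        uv;         /* user verification */
	fido_assert_ext_t ext;        /* enabled extensions */
	fido_assert_stmt *stmt;       /* array of expected assertions */
	size_t            stmt_cnt;   /* number of allocated assertions */
	size_t            stmt_len;   /* number of received assertions */
} fido_assert_t;

/* Parallel arrays of option names and their boolean values, len entries each. */
typedef struct fido_opt_array {
	char **name;
	bool  *value;
	size_t len;
} fido_opt_array_t;

/* Array of len C strings. */
typedef struct fido_str_array {
	char **ptr;
	size_t len;
} fido_str_array_t;

/* Array of len bytes. */
typedef struct fido_byte_array {
	uint8_t *ptr;
	size_t   len;
} fido_byte_array_t;

/* One supported algorithm: its type string and COSE identifier. */
typedef struct fido_algo {
	char *type;
	int   cose;
} fido_algo_t;

/* Array of len fido_algo_t entries. */
typedef struct fido_algo_array {
	fido_algo_t *ptr;
	size_t       len;
} fido_algo_array_t;

/*
 * Decoded authenticatorGetInfo response. Every value here is reported by
 * the authenticator and should be treated as untrusted input: range-check
 * the limits (e.g. maxmsgsiz, maxcredidlen, maxcredbloblen) before using
 * them to size buffers or bound loops.
 */
typedef struct fido_cbor_info {
	fido_str_array_t  versions;      /* supported versions: fido2|u2f */
	fido_str_array_t  extensions;    /* list of supported extensions */
	fido_str_array_t  transports;    /* list of supported transports */
	unsigned char     aaguid[16];    /* aaguid */
	fido_opt_array_t  options;       /* list of supported options */
	uint64_t          maxmsgsiz;     /* maximum message size */
	fido_byte_array_t protocols;     /* supported pin protocols */
	fido_algo_array_t algorithms;    /* list of supported algorithms */
	uint64_t          maxcredcntlst; /* max number of credentials in list */
	uint64_t          maxcredidlen;  /* max credential ID length */
	uint64_t          fwversion;     /* firmware version */
	uint64_t          maxcredbloblen; /* max credBlob length */
} fido_cbor_info_t;

/*
 * Enumerated device. vendor_id and product_id are signed 16-bit, so an id
 * of 0x8000 or above is stored as a negative value; compare them with an
 * explicit cast (or mask with 0xffff) rather than against a raw unsigned
 * literal.
 */
typedef struct fido_dev_info {
	char                *path;         /* device path */
	int16_t              vendor_id;    /* 2-byte vendor id */
	int16_t              product_id;   /* 2-byte product id */
	char                *manufacturer; /* manufacturer string */
	char                *product;      /* product string */
	fido_dev_io_t        io;           /* i/o functions */
	fido_dev_transport_t transport;    /* transport functions */
} fido_dev_info_t;

/*
 * CTAPHID_INIT response payload, in wire layout. The nonce is echoed back
 * by the device; see fido_dev.nonce for the value that was issued.
 */
PACKED_TYPE(fido_ctap_info_t,
/* defined in section 8.1.9.1.3 (CTAPHID_INIT) of the fido2 ctap spec */
struct fido_ctap_info {
	uint64_t nonce;    /* echoed nonce */
	uint32_t cid;      /* channel id */
	uint8_t  protocol; /* ctaphid protocol id */
	uint8_t  major;    /* major version number */
	uint8_t  minor;    /* minor version number */
	uint8_t  build;    /* build version number */
	uint8_t  flags;    /* capabilities flags; see FIDO_CAP_* */
})

/*
 * Open device handle.
 * NOTE(review): nonce is the value issued in CTAPHID_INIT and attr.nonce
 * the value echoed back; the init path should refuse a response whose
 * echoed nonce does not match the issued one, so that a reply meant for
 * another channel cannot be accepted -- confirm in the init code. The
 * assigned cid is what every later message on this handle is expected
 * to carry.
 */
typedef struct fido_dev {
	uint64_t             nonce;      /* issued nonce */
	fido_ctap_info_t     attr;       /* device attributes */
	uint32_t             cid;        /* assigned channel id */
	char                *path;       /* device path */
	void                *io_handle;  /* abstract i/o handle */
	fido_dev_io_t        io;         /* i/o functions */
	bool                 io_own;     /* device has own io/transport */
	size_t               rx_len;     /* length of HID input reports */
	size_t               tx_len;     /* length of HID output reports */
	int                  flags;      /* internal flags; see FIDO_DEV_* */
	fido_dev_transport_t transport;  /* transport functions */
	uint64_t             maxmsgsize; /* max message size */
	int                  timeout_ms; /* read timeout in ms */
} fido_dev_t;

#else
/* Opaque handles for external callers; layouts live above, internal-only. */
typedef struct fido_assert fido_assert_t;
typedef struct fido_cbor_info fido_cbor_info_t;
typedef struct fido_cred fido_cred_t;
typedef struct fido_dev fido_dev_t;
typedef struct fido_dev_info fido_dev_info_t;
typedef struct es256_pk es256_pk_t;
typedef struct es256_sk es256_sk_t;
typedef struct rs256_pk rs256_pk_t;
typedef struct eddsa_pk eddsa_pk_t;
#endif /* _FIDO_INTERNAL */

#ifdef __cplusplus
} /* extern "C" */
#endif /* __cplusplus */

#endif /* !_FIDO_TYPES_H */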